I would like to know which standard is responsible for identifying the cyber attack security controls and precaution measures: is it ISO 22301 or ISO 27001? In our organisation I manage the BCM department, which complies with ISO 22301; our IT team maintains ISO 27001; however, their BCP has been developed by us in collaboration with them. The plan is generic, outlining the response to any major incident such as loss of power, fire, cyber attack, etc. My new line manager is insisting that it is the BCM department's responsibility. I have a doubt and I need some advice.
I'm assuming that your doubt is which standard can provide better guidance in the identification of cyber attack security controls and precaution measures.
Considering that, the standard of choice is the ISO 27001, which provides general recommendations for information security that can be adapted for cyber security.
Regarding the definition of responsibilities, business continuity related to ISO 27001 is focused on disaster recovery of IT infrastructure, so if your organization's needs for business continuity go beyond that (i.e., the potential impacts go beyond information-related issues), the responsibility should probably remain with BCM.